diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index fc4e83fe..748dec79 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,29 +1,13 @@
-name: CodeQL (Swift) - SAST
+name: CodeQL ( Swift ) - SAST
 on:
- workflow_call:
- inputs:
- scheme:
- description: 'xcodebuild scheme arg'
- required: true
- type: string
- project:
- description: 'xcodebuild project arg'
- required: true
- type: string
- workspace:
- description: 'Optional xcodebuild workspace arg'
- required: false
- type: string
- command:
- description: 'Optional application build command, overrides build-scheme and build-workspace'
- required: false
- type: string
- timeout-minutes:
- description: 'Optional override for larger builds'
- required: false
- default: 30
- type: number
+ pull_request:
+ branches:
+ - master
+ push:
+ branches:
+ - master
+ workflow_dispatch:
 permissions:
 security-events: write
@@ -40,18 +24,22 @@ jobs:
 code-scanning: name: Code Scanning runs-on: macos-15 - timeout-minutes: ${{ inputs.timeout-minutes }} + timeout-minutes: 30 strategy: fail-fast: false - steps: + steps: + - name: Capture start time + run: echo "start_time=$(date +%s)" >> $GITHUB_ENV + shell: bash + - name: Checkout uses: actions/checkout@v4 - name: Setup Xcode uses: maxim-lobanov/setup-xcode@v1 with: - xcode-version: '${{ matrix.xcode_version }}' + xcode-version: '16.2' - name: Carthage [Setup cache] uses: actions/cache@v3 
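Review bot: The new `name` on the first line of the hunk has stray spaces inside the parentheses; `name: CodeQL (Swift) - SAST` keeps the original title without the padding. The switch from `workflow_call` to `pull_request` also changes who triggers this job: if the repository accepts pull requests from forks, those runs receive a read-only `GITHUB_TOKEN` regardless of the `security-events: write` grant that follows, so the analysis upload is likely to fail for them, and the `push`/`workflow_dispatch` runs would be the only ones producing results — worth confirming against the repository's fork policy before relying on PR-time scanning.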
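Review bot: Replacing `${{ matrix.xcode_version }}` with the literal `'16.2'` leaves the `strategy: fail-fast: false` block a few lines above with no matrix to apply to, so it is now dead configuration and should be deleted as part of this change. In the new "Capture start time" step, `$GITHUB_ENV` is unquoted; `run: echo "start_time=$(date +%s)" >> "$GITHUB_ENV"` is the conventional form and is what shellcheck would flag. Since the Xcode version is now pinned only here, a short comment above `xcode-version: '16.2'` saying why that version was chosen would help the next person who has to bump it.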
@@ -76,30 +64,27 @@ jobs:
 debug: true - name: xcodebuild (default) - if: ${{ inputs.build-command == '' }} run: | - project=${{ inputs.project }} os_version=17.5 device="iPhone 15 Pro" destination="platform=iOS Simulator,name=${device},OS=${os_version}" - - scheme=${{ inputs.scheme }} + scheme=HyperwalletUISDK build_dir=${HOME}/Library/Developer/Xcode/DerivedData/${scheme} source_packages=${build_dir}/SourcePackages args=( "-configuration Debug" - "-scheme ${scheme}" - "-project ${project}" - "-destination '${destination}'" + "-scheme HyperwalletUISDK" "-derivedDataPath ${build_dir}" "-clonedSourcePackagesDirPath ${source_packages}" "-disableAutomaticPackageResolution" - "-scmProvider system" + "-scmProvider system" + "-destination 'generic/platform=iOS Simulator'" ) - if [[ -n "${{ inputs.build-workspace }}" ]]; then - args+=("-workspace ${{ inputs.build-workspace }}") + if [[ -n "HyperwalletUISDK.xcodeproj" ]]; then + t=1 + #args+=("-workspace HyperwalletUISDK.xcodeproj") fi args+=("clean")
@@ -109,12 +94,17 @@ jobs:
 echo "${build_cmd}" eval "${build_cmd}" - - name: xcodebuild (custom) - if: ${{ inputs.build-command != '' }} - run: | - ${{ inputs.build-command }} - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: - category: "/language:swift" \ No newline at end of file + category: "/language:swift" + + - name: DataDog + if: always() && github.event_name != 'merge_group' + uses: hyperwallet/public-security-workflows/datadog@main + with: + SOURCE: "CodeQL" + DATADOG_API_KEY: ${{ secrets.BUILD_SECURITY_PAYPAL_DATADOG_QA_TOKEN_PAYPAL_DATADOG_QA_TOKEN }} + BU_NAME: "Hyperwallet" + start_time: ${{ env.start_time }} + OUTCOME: "${{ steps.codeql.outcome }}" \ No newline at end of file
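Review bot: The new `if [[ -n "HyperwalletUISDK.xcodeproj" ]]` block near the end of the hunk tests a non-empty literal, so it is always true, and its body is only the placeholder `t=1` plus a commented-out `args+=` — the whole block is dead and should be removed rather than kept as a stub. Above it, `scheme=HyperwalletUISDK` is assigned but the args line hard-codes the name a second time; `"-scheme ${scheme}"` keeps the two from drifting. With `"-project ${project}"` dropped and nothing put in its place, the build now depends on xcodebuild finding the project in the working directory on its own; `"-project HyperwalletUISDK.xcodeproj"` makes that explicit. The `os_version`, `device` and `destination` variables are likewise no longer used once `-destination 'generic/platform=iOS Simulator'` is hard-coded. The `run: |` script continues past the end of the hunk.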
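Review bot: `OUTCOME: "${{ steps.codeql.outcome }}"` on the last line references a step id `codeql`, but the "Perform CodeQL Analysis" step just above has no `id:` and no other step in the diff declares one; unless a step outside the hunks carries `id: codeql`, the expression evaluates to an empty string and DataDog receives no outcome — add `id: codeql` to the analyze step. `uses: hyperwallet/public-security-workflows/datadog@main` pins a mutable branch for a step that is handed `DATADOG_API_KEY`; pin it to a release tag or a full-length commit SHA so the code receiving the secret cannot change underneath the workflow. The secret name `BUILD_SECURITY_PAYPAL_DATADOG_QA_TOKEN_PAYPAL_DATADOG_QA_TOKEN` repeats its suffix and looks like a paste error; a non-existent secret also expands to an empty string without any error, so verify the name. The `github.event_name != 'merge_group'` guard appears redundant given the first hunk's triggers (`pull_request`, `push`, `workflow_dispatch`), none of which deliver a `merge_group` event. The file still ends without a trailing newline after this change.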